From cd5ed38250a07dda34ef22dc4b46ce1ec45197e1 Mon Sep 17 00:00:00 2001
From: Abhishek Shah
Date: Wed, 25 Mar 2015 17:36:04 -0700
Subject: [PATCH] Stop port forwarding from pause in net=host mode
---
 pkg/kubelet/kubelet.go | 48 +++++++++++++++++++++++--------------
 pkg/kubelet/kubelet_test.go | 4 ++--
 2 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
index ec262d24c0b..ee2b1230abd 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@@ -1023,12 +1023,21 @@ func allowHostNetwork(pod *api.Pod) (bool, error) {

 // createPodInfraContainer starts the pod infra container for a pod. Returns the docker container ID of the newly created container.
 func (kl *Kubelet) createPodInfraContainer(pod *api.Pod) (dockertools.DockerID, error) {
+
+ // Use host networking if specified and allowed.
+ netNamespace := ""
 var ports []api.ContainerPort
- // Docker only exports ports from the pod infra container. Let's
- // collect all of the relevant ports and export them.
- for _, container := range pod.Spec.Containers {
- ports = append(ports, container.Ports...)
+
+ if pod.Spec.HostNetwork {
+ netNamespace = "host"
+ } else {
+ // Docker only exports ports from the pod infra container. Let's
+ // collect all of the relevant ports and export them.
+ for _, container := range pod.Spec.Containers {
+ ports = append(ports, container.Ports...)
+ }
 }
+
 container := &api.Container{
 Name: dockertools.PodInfraContainerName,
 Image: kl.podInfraContainerImage,
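Review bot: `netNamespace = "host"` in createPodInfraContainer is now set from `pod.Spec.HostNetwork` alone, so the function no longer enforces the host-network policy itself and depends on every caller having passed `canRunPod` first. Only the `syncPod` call is visible in this patch; any other caller would start the infra container in the host network namespace unchecked. Either keep a guard at the top, `if err := kl.canRunPod(pod); err != nil { return "", err }`, or state the precondition in the doc comment, e.g. `// The caller must have verified the pod with canRunPod; host networking is not re-checked here.` The comment `// Use host networking if specified and allowed.` no longer matches the code under it, since "allowed" is not evaluated in this function. The function body continues outside the hunk.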
@@ -1055,20 +1064,6 @@ func (kl *Kubelet) createPodInfraContainer(pod *api.Pod) (dockertools.DockerID,
 kl.recorder.Eventf(ref, "pulled", "Successfully pulled image %q", container.Image)
 }

- // Use host networking if specified and allowed.
- netNamespace := ""
- if pod.Spec.HostNetwork {
- allowed, err := allowHostNetwork(pod)
- if err != nil {
- return "", err
- }
- if !allowed {
- return "", fmt.Errorf("pod with UID %q specified host networking, but is disallowed", pod.UID)
- }
-
- netNamespace = "host"
- }
-
 id, err := kl.runContainer(pod, container, nil, netNamespace, "")
 if err != nil {
 return "", err
@@ -1364,9 +1359,26 @@ func (kl *Kubelet) computePodContainerChanges(pod *api.Pod, runningPod kubeconta
 }, nil
 }

+func (kl *Kubelet) canRunPod(pod *api.Pod) error {
+ if pod.Spec.HostNetwork {
+ allowed, err := allowHostNetwork(pod)
+ if err != nil {
+ return err
+ }
+ if !allowed {
+ return fmt.Errorf("pod with UID %q specified host networking, but is disallowed", pod.UID)
+ }
+ }
+ return nil
+}
+
 func (kl *Kubelet) syncPod(pod *api.Pod, mirrorPod *api.Pod, runningPod kubecontainer.Pod) error {
 podFullName := kubecontainer.GetPodFullName(pod)
 uid := pod.UID
+ err := kl.canRunPod(pod)
+ if err != nil {
+ return err
+ }

 // Before returning, regenerate status and store it in the cache.
 defer func() {
diff --git a/pkg/kubelet/kubelet_test.go b/pkg/kubelet/kubelet_test.go
index 8c696a515ef..5eec297391c 100644
--- a/pkg/kubelet/kubelet_test.go
+++ b/pkg/kubelet/kubelet_test.go
@@ -3495,7 +3495,7 @@ func TestHostNetworkAllowed(t *testing.T) {
 HostNetwork: true,
 },
 }
- _, err := kubelet.createPodInfraContainer(pod)
+ err := kubelet.syncPod(pod, nil, container.Pod{})
 if err != nil {
 t.Errorf("expected pod infra creation to succeed: %v", err)
 }
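Review bot: In pkg/kubelet/kubelet.go, `syncPod` returns on a `canRunPod` error before the `defer` that regenerates and caches pod status is registered, so a pod rejected for host networking gets no status update on this path. Whether the caller logs or records the error is not visible here; a denied host-network request is worth surfacing, so consider placing the check below the `defer` or recording an event before returning. The check also reads better scoped, `if err := kl.canRunPod(pod); err != nil { return err }`, which avoids a function-wide `err` in a body that continues outside the hunk. `canRunPod` has no doc comment; `// canRunPod returns an error if the kubelet must not run the pod; it currently rejects only disallowed host networking.` would cover it.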
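Review bot: In pkg/kubelet/kubelet_test.go, TestHostNetworkAllowed only checks that `syncPod` returns nil, so the behaviour this commit introduces, no ports exported from the infra container when `HostNetwork` is true, is not asserted anywhere. Giving the pod a container with a port and asserting on what the fake runtime was asked to create would cover it; the test setup is outside the hunk, so the exact assertion is left to the author. The failure text still says "pod infra creation" although the call is now `syncPod`; `t.Errorf("expected syncPod to succeed: %v", err)` would match, and the same applies to the message in the TestHostNetworkDisallowed hunk.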
@@ -3524,7 +3524,7 @@ func TestHostNetworkDisallowed(t *testing.T) {
 HostNetwork: true,
 },
 }
- _, err := kubelet.createPodInfraContainer(pod)
+ err := kubelet.syncPod(pod, nil, container.Pod{})
 if err == nil {
 t.Errorf("expected pod infra creation to fail")
 }
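Review bot: TestHostNetworkDisallowed passes on any non-nil error from `syncPod`, which covers far more code than `createPodInfraContainer` did, so an unrelated failure would also satisfy `if err == nil`. Assert that the error is the host-networking rejection, for example by checking that `err.Error()` contains `"host networking"`, and ideally that no container was started. The test body starts outside the hunk, so the fake runtime available for that second assertion is not visible here.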